Lucene search
K

2486 matches found

CVE
CVE
added 2026/06/08 4:51 p.m.42 views

CVE-2026-46481

OpenMetadata 1.12.1 is affected by a vulnerability in the TEST_CONNECTION workflow (POST /api/v1/automations/workflows) where a non-admin SSO user can trigger a TEST_CONNECTION and receive both the cleartext database password in the response and a valid ingestion-bot JWT in openMetadataServerConn...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47542

Every /ui/ POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. SameSite=Lax on the session cookie prevents most cross-site form submits but does not protect: - top-level form-submit navigations from third-party pages some browsers still send Lax cookie...

7CVSS5.3AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/07 12:54 a.m.185 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

CVE-2025-57819 — FreePBX Pre-Auth SQLi to RCE An all-in-one e...

10CVSS6.9AI score0.93286EPSS
Exploits21
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-2401

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...

5CVSS5.4AI score0.00103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2016-20054

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

5.3CVSS5.3AI score0.00106EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-40902

A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a malicious user whose username contains HTML tags. When a victim attempts to delete a group containing...

5.9CVSS5.5AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 7:29 p.m.17 views

CVE-2026-25622

CVE-2026-25622 affects Arista Edge Threat Management NGFW. A Captive Portal Custom Handler command injection exists where an administrative user logged into the UI can exploit input handling to execute arbitrary shell commands on the platform. Affected: NGFW versions up to 17.4.0 (per Arista advi...

7CVSS5.9AI score0.0988EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/05 4:45 p.m.15 views

Vantage6: Set admin user and password from environment or configuration

Impact Vantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons: - Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights - The initial password is very weak and it is...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/05 1:57 p.m.4 views

SUSE-SU-2026:22086-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...

3.3CVSS5.2AI score0.00162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46977

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.6AI score0.0021EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/04 7:28 p.m.18 views

Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

5.8AI score0.00034EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/06/04 12:16 p.m.15 views

CVE-2025-12694

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

8.5CVSS0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 12:4 p.m.10 views

CVE-2025-12694 Local Privilege Escalation in VPN Client

A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrative user to escalate privileges to SYSTEM. This issue affects VPN Client for Windows: versions 6.11.3 and prior...

8.5CVSS5.8AI score0.00104EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46225

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authorization flaw exists in the Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application verifies if a matching template exists but fai...

5.1CVSS5.5AI score0.00154EPSS
Exploits0References5
NVD
NVD
added 2026/06/02 4:16 p.m.19 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.4CVSS0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:8 p.m.8 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 1:19 p.m.10 views

CVE-2026-10533 Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation

A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged user who can create pods in a namespace can exploit this to generate a large volume of events that...

5CVSS5.8AI score0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 2:46 p.m.17 views

CVE-2018-25397

PHP-SHOP 1.0 is affected by a cross-site request forgery in the users.php endpoint. An unauthenticated attacker can craft a page with a hidden form that automatically POSTs parameters (name, email, password, permissions) to create an admin account, by convincing an authenticated administrator to ...

6.9CVSS5.7AI score0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:8 p.m.9 views

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

5.7AI score0.00328EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder